I've noticed that the sudoers file and cron config files act in a special way compared to other config files on Linux. They need to be edited with a special wrapper rather than any text editor. Why is this?

2 Answers
2

You use visudo mostly to prevent yourself from breaking your system. Visudo runs checks on your changes to make sure you didn't mess anything up. If you did mess something up, you could completely wreck your ability to fix it or do anything requiring privileges without rebooting into a rescue mode.

visudo edits the sudoers file in a safe fashion, analogous to vipw(8). visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the sudoers file is currently being edited you will receive a message to try again later.

Interesting! +1, for illustrating a simple explanation for something that I should have known a long time ago :)
– Greg Meehan, Jun 16 '09 at 1:58

4

The behaviour of visudo is available generically as a command called sudoedit. This does the same lock/copy/edit/copy/unlock cycle (though obviously not with the parse step). One advantage this has is that it lets you give people sudo access to edit root-owned files without launching an editor as root, which might let them launch a shell from within the editor. If I shell out of my editor while running sudoedit, my euid is still my own.
– James F, Jun 16 '09 at 7:38
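
The lock/copy/edit/check/install cycle described in the answers above, sketched as an added shell example (not part of the original answers and not sudo's own code). The names `safe_edit` and `toy_validate`, the `mkdir`-based lock and the sample file are assumptions made for illustration; for a real sudoers file the validator would be a wrapper around `visudo -c -f`.

```shell
# safe_edit FILE EDITOR VALIDATOR   (hypothetical helper, not a real tool)
# EDITOR and VALIDATOR are commands called with the temp copy's path.
safe_edit() {
    target=$1 editor=$2 validator=$3
    lock="$target.lock.d"
    # mkdir is atomic, so only one concurrent editor can take the lock.
    if ! mkdir "$lock" 2>/dev/null; then
        echo "safe_edit: $target is busy, try again later" >&2
        return 2
    fi
    # Keep the temp copy in the same directory so the final mv is a rename.
    tmp=$(mktemp "$target.tmp.XXXXXX") || { rmdir "$lock"; return 1; }
    rc=0
    if cp -p "$target" "$tmp" && "$editor" "$tmp"; then
        if "$validator" "$tmp"; then
            mv -f "$tmp" "$target" || rc=1   # install only a checked copy
        else
            echo "safe_edit: validation failed, $target left unchanged" >&2
            rc=3
        fi
    else
        rc=1
    fi
    rm -f "$tmp"      # no-op after a successful mv
    rmdir "$lock"
    return $rc
}

# Constructed stand-in for the parse step: every line that is not blank
# or a comment must contain '='.
toy_validate() {
    ! grep -Ev '^[[:space:]]*(#.*)?$' "$1" | grep -qv '='
}

# Demo on a constructed file in a scratch directory: the broken edit is
# rejected and the original content is printed unchanged.
demo_dir=$(mktemp -d)
printf '# constructed sample\nroot ALL=(ALL) ALL\n' > "$demo_dir/rules"
add_broken_line() { echo 'oops no equals sign' >> "$1"; }
safe_edit "$demo_dir/rules" add_broken_line toy_validate || echo "exit status $?"
cat "$demo_dir/rules"
rm -rf "$demo_dir"
```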